Sunday, 26 October 2008

Device: Edimax BR-6104KP (as I don't use USB, everything should work with BR-6104K)
Goal: Use the device as a standard home router running OpenWrt, while also acting as an OpenVPN tunnel server and SOCKS proxy, and locally as a UPnP server.
cablemodem/whatever.with.ethernet.out-----Edimax.OpenWRt-----local.PCs

A mate of mine has very restricted internet access and can only reach the HTTP ports, so I run OpenVPN on port 443 and, as a simple alternative, srelay (the SOCKS proxy) on port 80. Luckily the traffic is not checked for actually being HTTP, so I don't have to use an HTTP tunnel program.

I posted the same material here: http://forum.openwrt.org/viewtopic.php?pid=75429#p75429

The Edimax has 2MB of flash, but the image has to be smaller than 1780(?) KByte for the jffs2 filesystem to work. For lack of space, OpenVPN etc. have to be downloaded and installed on every boot. I wrote some simple start scripts in etc/rc.d to make this more or less foolproof, though it would be much nicer to have scripts in /etc/init.d which accept start/stop/restart/enable/disable commands. I provide those files here for adaptation; note that they won't work out of the box, as I replaced passwords, account names ... with dummy parameters. My config scripts run last on boot; the settings could be changed earlier, possibly even before compiling, but ... it works and is easy to understand.

Find the files here: http://www.file-upload.net/download-1209569/files.zip.html

Building the image:
svn co https://svn.openwrt.org/openwrt/trunk/ kamikaze #I got revision 13021
cd kamikaze/package
svn co https://svn.openwrt.org/openwrt/packages/net/miniupnpd #gets the miniupnp package
cd ..
#copy the content of my files.zip/files to kamikaze/files; you will probably have to mkdir files first
#adapt all files to your needs and get openvpn-certs,-keys,... see below
#ensure you start with blank config: rm .config, rm .config.old
make menuconfig
--> target system: Infineon ADMtek ADM 5120 2.6
--> Subtarget: Little Endian
--> Target Profile: Edimax BR-6104KP (Unofficial)
--> Target Images: squashfs
#--> Image configuration: not used as done on first boot through files/etc/rc.d/...
--> Base system: # "-": do not install, "*": built-in
-bridge
-busybox ->Networking Utilities -> Enable IPv6 support
-Network --> ppp
*Network --> miniupnpd #using it as package "M" did not work
-USB-Support kmod-usb-core
*Kernel modules -> Other modules -> kmod-leds-gpio and kmod-ledtrig-adm5120-switch
*Kernel modules -> Network Support -> kmod-tun
make V=99 #use V=99, if not, you might miss some y/n questions and make would not finish

To get the image onto the device, look here: http://midge.vlad.org.ua/wiki/console_cable (I used an m35 no-name(!) serial data cable; you will find the image in kamikaze/bin)
The OpenVPN-config is based on this article: http://wiki.openwrt.org/OpenVPNTunHowTo?highlight=(CategoryHowTo)
To create the necessary openvpn-key files look here: http://openvpn.net/index.php/documentation/howto.html#pki (in my files.zip there are just dummies)
To read the logs: logread
To know your dhcp-clients: cat /tmp/dhcp.leases
Telnet to the device and set a password --> telnet is automatically disabled --> ssh -p17777 youredimax

references:
http://wiki.openwrt.org/OpenWrtDocs/Packages
http://forum.openwrt.org/viewtopic.php?id=13767
http://forum.openwrt.org/viewtopic.php?id=14360
http://www.linux-mips.org/wiki/ADM5120_switch
http://downloads.openwrt.org/kamikaze/docs/openwrt.html
http://wiki.openwrt.org/CategoryHowTo?action=show&redirect=OpenWrtHowTo
http://dev.luci.freifunk-halle.net/docsrv/section.firewall.redirect.xml
http://wiki.openwrt.org/OpenWrtDocs/Kamikaze/FirewallConfiguration - warning: some stuff outdated or wrong
http://wiki.openwrt.org/DDNSHowTo?highlight=(CategoryHowTo)
http://openvpn.net/index.php/documentation/howto.html#pki
http://wiki.openwrt.org/OpenVPNTunHowTo?highlight=(CategoryHowTo)

Services running:
wan+lan:
443 OpenVPN
80 srelay
17777 sshd
81 httpd
lan:
23 telnet until you set a password
5000 miniupnpd
53 dnsmasq
67 dhcp-server
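
A check for the service table above, as an added example that is not part of the original post: it compares the listeners in netstat -ltun output with the listed ports and reports anything else, including telnet on 23 still being open because no password was set. The function name, the sample output and the extra port 8080 are constructed for illustration; awk and sort are assumed to be available on the device.

```shell
#!/bin/sh
# Added example, not from the original post.
# Ports from the "Services running" table once setup is finished.
# 23 (telnet) is left out on purpose: it should be gone after a password is set.
EXPECTED_PORTS="443 80 17777 81 5000 53 67"

# Read netstat -ltun (or -atun) style text on stdin and print "proto port"
# for every listener whose port is not in EXPECTED_PORTS.
unexpected_listeners() {
    awk -v allowed="$EXPECTED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # TCP rows count only in LISTEN state; UDP rows have no state column.
        ($1 ~ /^tcp/ && $6 == "LISTEN") || $1 ~ /^udp/ {
            m = split($4, part, ":")   # local address: 0.0.0.0:443 or :::81
            if (!(part[m] in ok)) print $1, part[m]
        }' | sort -u
}

# Constructed sample (not captured from a real device): telnet is still open
# and an unlisted service listens on 8080.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address     Foreign Address      State
tcp        0      0 0.0.0.0:443       0.0.0.0:*            LISTEN
tcp        0      0 0.0.0.0:80        0.0.0.0:*            LISTEN
tcp        0      0 0.0.0.0:17777     0.0.0.0:*            LISTEN
tcp        0      0 0.0.0.0:81        0.0.0.0:*            LISTEN
tcp        0      0 0.0.0.0:23        0.0.0.0:*            LISTEN
tcp        0      0 0.0.0.0:8080      0.0.0.0:*            LISTEN
tcp        0      0 192.168.1.1:40022 192.168.1.100:22     ESTABLISHED
udp        0      0 0.0.0.0:53        0.0.0.0:*
udp        0      0 0.0.0.0:67        0.0.0.0:*'

# On the router: netstat -ltun | unexpected_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners
```

An empty result means only the listed services are listening; netstat does not show which of them the firewall exposes on the WAN side, so that still has to be checked in the firewall config.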

Backing up a Blogspot blog

Mirroring the whole thing with httrack takes too long. Quick and easy: use
http://-mein-blog-.blogspot.com/search?max-results=9999 to display all posts
and simply do File -> Save.
Unfortunately, the comments are not easy to match to their posts:
http://-mein-blog-.blogspot.com/feeds/comments/default/?max-results=9999